3.1.5

Upgrading

If running an application in an environment where user security is critical, it may be necessary to
assign the config value Security.remember_username to false. This will disable persistence of
user login name between sessions, and disable browser auto-completion on the username field.
Note that users of certain browsers who have previously autofilled and saved login credentials
will need to clear their password autofill history before this setting is properly respected.

Test cases that rely on updating and restoring [Injector](api:SilverStripe\Core\Injector\Injector) services may now take advantage
of the new Injector::nest() and Injector::unnest() methods to sandbox their alterations.

If errors could potentially be raised by any [RequestHandlerYYSilverStripe\Control\RequestHandlerZZ class such as a XXForm](api:SilverStripe\Forms\Form) or
[ControllerYYSilverStripe\Control\ControllerZZ, you may now add the new XXErrorPageControllerExtension](api:SilverStripe\ErrorPage\ErrorPageControllerExtension) to this class to
transform plain text error messages into ErrorPage rendered HTML errors. In the past this
behaviour was limited to subclasses of [ContentController](api:SilverStripe\CMS\Controllers\ContentController). By default this extension is now
added to the Security controller, and if this is not desirable then it should be removed
explicitly via the Config system.

2014-04-01 84d8022 Fix Date and SS_DateTime::FormatFromSettings This issue is caused by the odd default behaviour of Zend_Date, which attempts to parse yyyy-mm-dd format date and times as though they were yyyy-dd-mm. (Damian Mooyman)